Pentest-Tools.com CLI & MCP Server

Command-line interface, Python bindings, and MCP server for Pentest-Tools.com, a platform for scanning web applications and network infrastructure for vulnerabilities.

MCP Server

Connect any MCP-compatible AI assistant to your Pentest-Tools.com account to run scans, triage findings, and generate reports. You'll need an API key from a paid plan. Get one at My Account > API.

Supported clients: Claude, Cursor, VS Code, Gemini CLI, and any MCP-compatible tool. Full documentation: pentest-tools.com/docs/ai/mcp/overview

What you can do

Run Website Scanner, Subdomain Finder, and Network Scanner scans
Manage targets, workspaces, scans, and findings
Generate and download reports, including translated reports for regional teams
Chain tools into multi-phase workflows that include recon, vulnerability triage, and executive summaries, through plain language prompts

Quick setup: remote server (recommended)

For terminal-based clients, use directly:

Claude Code

claude mcp add --transport http ptt-mcp https://mcp.pentest-tools.com/mcp --header "Authorization: Bearer your_api_key_here"

Gemini CLI

gemini mcp add ptt-mcp --transport http https://mcp.pentest-tools.com/mcp --header "Authorization: Bearer your_api_key_here"

Cursor: paste this URL in your browser for one-click install, then add your API key:

cursor://anysphere.cursor-deeplink/mcp/install?name=ptt-mcp&config=eyJ1cmwiOiJodHRwczovL21jcC5wZW50ZXN0LXRvb2xzLmNvbS9tY3AiLCJoZWFkZXJzIjp7IkF1dGhvcml6YXRpb24iOiJCZWFyZXIgeW91cl9hcGlfa2V5X2hlcmUifX0=

Or manually add according to your preferred agent and config file location:

{
  "servers": {
    "ptt-mcp": {
      "type": "http",
      "url": "https://mcp.pentest-tools.com/mcp",
      "headers": { "Authorization": "Bearer your_api_key_here" }
    }
  }
}

Local server

Requires Python 3.10+.

pip install "pentesttools[mcp]"
PTT_API_KEY=your_api_key_here ptt mcp

You can also pass the key inline: --key your_api_key_here. For client-specific local setup, see the full documentation.

CLI

Run scans from the terminal or integrate PTT into your scripts and CI/CD pipelines.

For AI assistant integration, see the MCP Server section above.

Installing

PentestTools Python module is delivered through PyPI, so it can be installed directly via pip:

pip install pentesttools

Usage

The pentesttools package provides a command line interface through the ptt utility. Right now it supports the Website Scanner service.

Example for the simplest scan:

ptt run website_scanner <url>

This runs a freemium Website Scanner scan on the <url>. Unlike in the platform itself, you can omit the schema part from the url.

Global arguments, like a suitable key for a deep scan, have to be passed straight to ptt. Tool arguments have to be passed to the tool.

ptt --key <key> run website_scanner --scan_type deep <url>

If you want the command to fail if the report contains vulnerabilities with a higher risk than some value, you can use the --fail argument.

ptt --fail high run website_scanner <url>

You can also run ptt using docker. The docker image has ptt as an entrypoint, so you don't have to type it anymore. Note that the old ptt-scan name is still used on docker.

docker run pentesttoolscom/ptt-scan:latest run website_scanner <url>

Development installation

If you want to easily modify the sources and your modifications:

pip install --edit .

Uninstalling

pip uninstall pentesttools

Testing and Coverage

You can run the tests and make coverage reports like this:

python3 -m pytest src/tests

coverage run -m pytest src/tests
coverage report -m

pentesttools pypi